This Privacy Notice describes the collection and use of your personal data in the context of your usage of our websites according to the legal requirements.
Please note that the usage of particular web content on our websites may involve further processing of your personal data which will be described in complementary Privacy Notices that have to be considered in addition.
1) Applicable Law and Controller
Because btov is a company with headquarters in Switzerland, the EU General Data Protection Regulation (“GDPR”) does not directly apply to btov. However (on a voluntary basis and without this resulting in a legal obligation), btov has implemented a Data Protection Management System (“DPMS”) that is based on the requirements of the GDPR in order to ensure compliance with the high data protection standards of the European Union. Additionally, Swiss data protection regulation applies in its current form. The DPMS includes European entities of the btov group (e.g. based in Germany and Luxembourg), some of which share responsibility for individual data processing operations. If joint responsibility for certain processing activities exists, this shall be further specified with regard to the respective processing activity.
Solely responsible for all processing in connection with the website is:
btov Partners AG (“btov”/“we”)
9000 St. Gallen
2) Data Protection Officer
We have designated an external Data Protection Officer with Simpliant (for more information about Simpliant visit www.simpliant.eu).
You can reach our Data Protection Officer at:
via E-Mail at: firstname.lastname@example.org
via postal mail at:
btov Partners AG
– Data Protection Officer –
9000 St. Gallen
Or via postal mail addressed to the corresponding group company (“- Data Protection Officer ”).
3) Your Rights as a Data Subject
You can exercise the following rights at any time:
- Information about your data stored by us and its processing (Art. 15 GDPR),
- Correction of inaccurate personal data (Art. 16 GDPR),
- Deletion of your data stored with us (Art. 17 GDPR),
- Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
- Data transferability if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR),
- Objection to the processing of your data by us (Art. 21 GDPR).
4) Legal Basis for Data Processing
All our processing activities are based on Art. 6 para. 1 GDPR.
Personal data is processed on the following basis:
- Art. 6 para. 1 lit. a) GDPR – your consent:
  - If we process your health data based on your consent (e.g. within the scope of our range of services as described in more detail below), the processing of your data is based on your express consent pursuant to Art. 6 para. 1 a) in conjunction with Art. 9 para. 2 a) GDPR.
  - You can revoke your consent with effect for the future at any time.
- Art. 6 para. 1 lit. b) GDPR – Performance of a contract or pre-contractual measures
- Art. 6 para. 1 lit. c) GDPR – Compliance with legal obligations
- Art. 6 para. 1 lit. f) GDPR – Legitimate interests
5) Storage Duration
We will take all reasonable steps to ensure that your personal data is processed only for the time necessary in accordance with the purpose of the processing. If the storage period is not specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law (e.g. § 257 HGB, 147 AO) and in the event of a possible legal dispute.
6) Data Security
To protect the security of your data during transmission, we use technical and organizational security measures, in particular the encryption of our website, to prevent unauthorized access by third parties. The data collected from you is always hosted on ISO 27001 certified servers. Our security measures are continuously improved and adapted in line with technological developments.
7) Data Transfer to Service Providers
In general, we use service providers for the provision of our services. These service providers act only according to our instructions and are contractually obliged to observe our instructions (Art. 28 GDPR). If not further specified in the following, the service providers are commissioned for the following services:
- Performance of our contractual obligations and services
- Maintenance of IT systems and related services
- Processing of our customer service and administration of inquiries
- Measurement of the website performance
- Delivery of products and processing of payments
7.1 Purpose of Processing:
We use services of Cloudflare Inc. (101 Townsend St., San Francisco, CA 94107, USA) to ensure the security and availability of our services, and to enable faster content delivery on our website. Cloudflare copies parts of our website and distributes the content over a global server structure. In this context, the information listed above (hosting) may be processed by Cloudflare (e.g. IP address, date and time of access, etc.).
7.2 Legal Basis:
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest to ensure the stability, accessibility and security of our website.
Cloudflare acts as our data processor on our behalf.
7.4 Third Party transfer
Data transferred to Cloudflare may be processed by Cloudflare outside the EEA. We have concluded so-called standard contractual clauses with Cloudflare to ensure safe and compliant processing of data.
7.5 Retention Period:
The collected data files are deleted after 29 days.
8) Data Transfer to Third countries
Your personal data might be processed in Switzerland. The Commission of the European Union has decided that Switzerland shall be considered as a country with an adequate level of data protection.
Apart from that and unless specified otherwise, your data will not be transferred to a third country outside the European Union.
If personal data is transferred outside of the European Union, this shall only occur if the requirements of Art. 44-49 GDPR are met, in particular if the transfer is safeguarded by standard contractual clauses, an adequacy decision of the Commission or binding corporate rules.
9) Obligation to provide personal data and profiling
There is no legal or contractual obligation to provide us with any data. However, some services can only be provided if the required personal data is processed. Your personal data will not be used for the creation of user profiles or automated individual decision making.
10) Server Logfiles
10.1 Type and Purpose of Processing:
When you access our website, information of a general nature is automatically collected. This information (server log files) includes:
- Name of access provider
- Browser type, version of browser software and language of browser
- Operating system
- Date and time of access
- Content of access
- Amount of data transferred
- Access status (successful transmission/error)
- Website(s) the access was forwarded to
- Website(s) accessed
The processing occurs for the following purposes:
- ensuring a trouble-free connection to the website
- ensuring a smooth use of our website
- evaluation of system safety and stability.
10.2 Legal Basis:
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in providing the website to you and improving the security, stability and functionality of our website.
Recipients of the data are the service providers who are responsible for the operation and maintenance of our website and the hosting provider. As processors acting on our behalf, these parties are obliged to process the data only within the scope of our instructions.
10.4 Retention Period:
The server log files are deleted after 1 month at the latest.
11) E-Mail Contact and Contact Form
11.1 Type and Purpose of Processing:
In general, you can get in contact with us by sending us an e-mail. The data entered and transmitted by you will be processed for the purpose of individual communication with you. We will process your e-mail address as well as any information you share with us within communications. You can specify your request and contact one of our offices directly by using the contact information on our website (e.g. pitch your company, enquiries, careers and FAQ, details below).
11.2 Legal Basis:
The processing of data transmitted by e-mail is based on a legitimate interest (Art. 6 para. 1 lit. f GDPR) in efficient and simple communication with you.
Depending on the nature of your request, the processing of data transmitted by e-mail may serve to carry out pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
The recipients of the data are processors acting on our behalf as well as the competent companies of btov. As contract processors, the service providers are obliged to process the data only within the scope of our instructions. Depending on the type of request, the btov companies can process your data as joint controllers.
11.4 Retention Period:
If no legal retention periods require the storage of the data or the nature of the processing activity requires the ongoing processing of personal information, your data will be deleted at the latest 3 years after the last contact. If a contractual relationship is concluded, your contact data will be stored as long as this user relationship lasts. If we are subject to legal retention periods, we will comply with these and delete your data after the expiry of these periods.
12) Applications and Career
12.1 Type and Purpose of Processing:
On our website you have the possibility to apply at btov (in particular for open positions). Data relating to your person are generally collected from you by means of direct collection during the application process, on the occasion of your application in response to a specific job advertisement or your unsolicited application. In addition, we may also have received data from third parties (e.g. job exchanges such as join.com) if you have applied to us using such a platform. We may also process personal data that we have permissibly obtained from publicly accessible sources (e.g. professional social networks).
In order to accept and evaluate your application, and depending on the data provided by you, we might process the following personal information:
- Information you tell us about yourself
- Position you are applying for
- E-Mail Address
- Telephone number
- Date of birth
- Testimonials and certificates
- Further information contained in cover letters and CVs
12.2 Legal Basis:
The data is processed on the basis of pre-contractual measures (Art. 6 para. 1 lit. b GDPR) or on the basis of Art. 6 para. 1 b), Art. 88 GDPR in conjunction with Art. 26 para. 1 BDSG. btov may process the data as joint controller on the basis of a contract or as an independent controller.
Your application data is processed within the btov group depending on the specific application. Only the persons in the group who are involved in the hiring process receive access to your data.
Furthermore, the data can be processed by the service providers (e.g. job platform). As contract processors, the service providers are obliged to process the data only within the scope of our instructions or, depending on the usage of the service provider, as joint controller under the GDPR.
12.4 Retention Period:
In the event of an unsuccessful candidature, we will delete the personal data immediately after we have informed you, at the latest one month after an unsuccessful application.
12.5 Statutory or Contractual Requirement to provide Data:
The provision of your personal data is voluntary. Without transmission of data we cannot accept your application.
13) Google Analytics
13.1 Type and Purpose of Processing:
Our website(s) use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This information does not enable the identification of an individual visitor of this website.
Google Analytics enables us to analyze the usage of our website by processing personal data in cookies, which are text files stored on your computer to (re-)identify website visitors. On our behalf, Google creates reports concerning the activities on our website and provides us with the respective information for statistical purposes and in order to optimize the website usage.
In this context only the “anonymize_IP” functionality of Google Analytics is activated. IP addresses are anonymized before they are stored. This means that Google will anonymize your IP address while the data is still within member states of the European Union or other contracting states of the Agreement on the European Economic Area. The IP address which is transmitted by your browser will not be brought into contact with other data stored by Google.
13.2 Legal Basis:
The data is processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR).
The recipients of the data are processors acting on our behalf. As contract processors, the service providers are obliged to process the data only within the scope of our instructions.
13.4 Retention Period:
The data will be deleted after 14 months.
13.5 Right to Withdraw Consent:
If you have given us your consent, you can deactivate Google Analytics by deleting your local cookies in your browser or by using the following browser plugin provided by Google: http://tools.google.com/dlpage/gaoptout?hl=de
14) Changes to the Privacy Notice
We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services.